How to Get a "Codesigned" Gdb on Osx

How to get a codesigned gdb on OSX?

It would seem you need to sign the executable. See these links for more information. You should be able to get away with self signing if you don't plan on redistributing that version of gdb.

https://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html

https://developer.apple.com/library/mac/#documentation/Darwin/Reference/Manpages/man1/codesign.1.html

Alternatively, you could disable code signing on your system, although this presents a security risk. To do so try running sudo spctl --master-disable in the Terminal.

macOS Mojave: How to achieve codesign to enable debugging (gdb)?

This is related to codesign entitlements. you must add "com.apple.security.cs.debugger" key in signing process.

for example you must change codesign -fs gdbcert /usr/local/bin/gdb to codesign --entitlements gdb.xml -fs gdbcert /usr/local/bin/gdb .

gdb.xml content must something like following code.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.debugger</key>
    <true/>
</dict>
</plist>

subject: cannot codesign system certificate for gdb in keychain access in Mac OS X High Sierra

I finally got it to work. I'm using the latest High Sierra as of the date of this post. First, I installed an older version of gdb, 8.0.1, instead of the latest 8.1, which seems to be broken:

brew install https://raw.githubusercontent.com/Homebrew/homebrew-core/9ec9fb27a33698fc7636afce5c1c16787e9ce3f3/Formula/gdb.rb

then brew pin gdb.

For the next steps, I found this thread, and this other thread useful. Also, this page.

Make the certificate in Login instead of System in order to avoid the -2,147,414,007 error. Then, click the padlock to unlock the System category, and drag the certificate and keys into System. If anything goes wrong here, you can try File->Import and File->Export instead. The goal is to get the following:

Keychain access

e.g. the certificate and the keys all under the System keychain, not login. (It may not even be necessary to drag the keys into system, but I did it just to be safe).

Then, a very important step: right click the certificate, go to Info, Trust, and select Always trust for every category. If you don't do this, the codesigning will not be effective, and will still get the mach port error message in gdb, even if you codesign.

(One of the answers in the two threads linked above says to temporarily enable the root account in Directory Utilities, but I'm not sure if that's actually necessary). Then, either restart your computer or do sudo killall taskgated. Then codesign -fs gdb-cert $(which gdb).

Then, I no longer got the mach port error message in gdb. The first time I ran, I got a popup asking for a password. To disable it for future runs, I did sudo /usr/sbin/DevToolsSecurity --enable as per that thread.

Note also that 8.0.1 has a minor issue: you will get warnings about unhandled dlyd version. That's explained in this thread. Note some posts in that thread say breakpoints don't work, but I didn't see that happening.

How do I install GDB on MacOS 10.13.3 (High Sierra)

After hours and hours of searching, I finally found an obscure gist identifying the issue and detailing the solution.

TL;DR The GNU Debugger requires a patch before it can work with MacOS. gdb v8.0.1 is the last known good version of GDB for MacOS.

  1. Uninstall the latest version of gdb (i.e. v8.1)

    brew uninstall --force gdb

  2. Force Homebrew to install a version of gdb with the patch for MacOS.

    brew install https://raw.githubusercontent.com/Homebrew/homebrew-core/c3128a5c335bd2fa75ffba9d721e9910134e4644/Formula/gdb.rb

  3. Use the existing certificate to codesign the new install of gdb

    codesign -f -s  "<GNU GDB Certificate>" $(which gdb)

Now, gdb works as expected!

Special thanks to https://github.com/marcoparente and https://github.com/lokoum for their gist comments!

codesigned errors when using gdb on macos Mojave 10.14

gdb codesigning will need proper entitlements in 10.14+:
https://sourceware.org/gdb/wiki/PermissionsDarwin

Edit: Now you are probably duplicating this error which requires downgrading gdb gdb-doesnt-work-on-macos-high-sierra-10-13-3… answer has instructions.

Edit 2: it looks like upgrading to gdb 8.3 should work for you now.


Related Topics

Must New Always Be Followed by Delete

What Is a Reference-To-Pointer

Why Is #Define Bad and What Is the Proper Substitute

How to Do the Equivalent of Memset(This, ...) Without Clobbering the Vtbl

How to Make My Split Work Only on One Real Line and Be Capable to Skip Quoted Parts of String

Opencv: Process Every Frame

How to Building Static Qt with Static Openssl

Variadic Deduction Guide Not Taken by G++, Taken by Clang++ - Who Is Correct

Function-To-Function-Pointer "Decay"

C++ Overloading Array Operator

Can Compiler Generate Std::Move for a Last Use of Lvalue Automatically

Creating Hbitmap from Memory Buffer

How to Provider User with Autocomplete Suggestions for Given Boost::Spirit Grammar

How to Make My Split Work Only on One Real Line and Be Capable to Skip Quoted Parts of String

Rewinding Std::Cout to Go Back to the Beginning of a Line

Adding List Items or Nodes in Linked List

How to Use a Hashmap in C++

Is Std::String Size() a O(1) Operation


Leave a reply



Submit